1. Field of the Invention
The present invention relates to a multi-party key agreement method and a system therefor, and more particularly, to a multi-party key agreement method that is capable of quickly and safely sharing a multi-party key using a bilinear map and a system therefor.
This work was supported by the IT R&D program of MIC/IITA [2005-Y-001-03, Developments of next generation security technology].
2. Description of the Related Art
To communicate confidentially over a communication environment that is not cryptographically protected, such as a wireless communication environment or the Internet, the parties must share a secret key for an encryption algorithm. Two methods are generally used to share the secret key: a key distribution method and a key agreement/exchange method. In the key distribution method, one participant selects a key and transmits the selected key to the other participants. In the key agreement/exchange method, all participants participate in a key generation process and generate a new key. The key distribution method has the problem that a participant may select a specific key for malicious purposes, so it is not used when the participants who select the key are not trusted parties. The present invention relates to a cryptological key agreement method for a plurality of participants.
The cryptological key agreement method was first suggested by Diffie and Hellman in 1976.
According to the Diffie-Hellman (DH) key agreement method, a key can be shared efficiently. However, the DH method is vulnerable to impersonation, exemplified by man-in-the-middle attacks, that is, attacks in which the ID and password of a normal user are used by stealth to pretend to be that user.
To prevent such impersonation, a key agreement method that includes a participant authentication function has been suggested, which is called authenticated key agreement.
Participant authentication methods may be classified into two types. A method in which participants are authenticated such that no one other than the normal participants can learn the shared key is called implicit authenticated key agreement.
Further, a method in which all of the keys generated by the individual normal participants are ensured to be the same is called key confirmation. A method that satisfies both implicit authenticated key agreement and key confirmation is called explicit key agreement.
A key agreement method in which a plurality of participants can simultaneously share a key is called a multi-party key agreement method. A multi-party key agreement method that is both safe and efficient has not yet been developed. In a multi-party key agreement method, it is very important to minimize the traffic needed to share a key. This is referred to as communication complexity. In particular, it is important to develop an optimized multi-party key exchange method with a communication complexity of one round.
With regard to multi-party key exchange, Ingemarsson, Tang, and Wong first extended the DH key agreement to a multi-party key agreement method in 1982. Since then, various studies have been carried out to satisfy various safety requirements. As an exemplary result among efficient multi-party key agreement methods, the method suggested by Bresson and Catalano has a communication complexity of two rounds and is recognized as the most excellent result in terms of safety and efficiency. As for multi-party key agreement methods with a communication complexity of one round, there is only the method suggested by Boyd and Nieto. However, this method has the problem that important safety requirements, such as forward secrecy, are not satisfied and that individual participants do not contribute equally to the key agreement.
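To make the round cost concrete, the following added example (not part of the original text) runs the ring-style extension of DH to n parties in the form commonly attributed to Ingemarsson, Tang, and Wong, and counts rounds and messages. The modulus `P`, generator `G`, and the function name `itw_ring_agreement` are assumptions made for illustration; the parameters are toy values, and the exchange is unauthenticated, so it inherits the impersonation weakness described above.

```python
import secrets

# Toy parameters assumed for this example only (not from the text, not for real use).
P = 2**127 - 1  # a Mersenne prime
G = 3


def itw_ring_agreement(n, exponents=None):
    """Run the unauthenticated ring protocol for n participants.

    Returns (keys, rounds, messages): the key each participant derives,
    the number of communication rounds, and the total messages sent.
    """
    if n < 2:
        raise ValueError("need at least two participants")
    x = exponents or [secrets.randbelow(P - 3) + 2 for _ in range(n)]
    if len(x) != n:
        raise ValueError("one secret exponent per participant is required")

    # Round 1: participant i sends g^{x_i} to its successor (i + 1) mod n.
    sent = [pow(G, x[i], P) for i in range(n)]
    inbox = [sent[(i - 1) % n] for i in range(n)]
    rounds, messages = 1, n

    # Rounds 2 .. n-1: raise the received value to x_i and forward it.
    for _ in range(n - 2):
        sent = [pow(inbox[i], x[i], P) for i in range(n)]
        inbox = [sent[(i - 1) % n] for i in range(n)]
        rounds += 1
        messages += n

    # Local step: the last value received lacks only the receiver's exponent.
    keys = [pow(inbox[i], x[i], P) for i in range(n)]
    return keys, rounds, messages


if __name__ == "__main__":
    for n in (2, 4, 8):
        keys, rounds, messages = itw_ring_agreement(n)
        agreed = len(set(keys)) == 1
        print(f"n={n}: rounds={rounds} messages={messages} agreed={agreed}")
```

The run shows n - 1 rounds and n(n - 1) messages for n participants, which is the cost that two-round and one-round schemes aim to reduce.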